Re: [syzbot] [kernel?] linux-next test error: KASAN: slab-use-after-free Write in binder_add_device

From: Aleksandr Nogikh
Date: Mon Jan 27 2025 - 13:50:55 EST

Next message: kernel test robot: "Re: [PATCH 5/5] mm: completely abstract unnecessary adj_start calculation"
Previous message: Kienan Stewart: "[PATCH] kbuild: Add missing $(objtree) prefix to powerpc crtsavres.o artifact"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 23, 2025 at 5:49 PM Carlos Llamas <cmllamas@xxxxxxxxxx> wrote:
>
> On Thu, Jan 23, 2025 at 01:32:29PM +0100, Aleksandr Nogikh wrote:
> > The problem began to appear after:
> >
> > commit 12d909cac1e1c4147cc3417fee804ee12fc6b984
> > Author: Li Li <dualli@xxxxxxxxxx>
> > Date: Wed Dec 18 13:29:34 2024 -0800
> >
> > binderfs: add new binder devices to binder_devices
> >
>
> Correct. I tried to mark this commit with a #syz blame or something but
> I couldn't find anything.

That's not supported at the moment. I've just added a +1 to our
related backlog issue:
https://github.com/google/syzkaller/issues/3491.

> The problem here is we add binderfs devices to
> the binder_devices list but we don't remove them when these are kfreed
> e.g. during umount.
>
> This is then fairly easy to reproduce, something like:
> $ mount -t binder binder /dev/binderfs
> $ umount /dev/binderfs
> $ mount -t binder binder /dev/binderfs
>
> It should be a simply fix. I'll send a patch later today.

Thanks for having taken a look and fixing this bug!

--
Aleksandr

>
> Thanks,
> --
> Carlos Llamas

Next message: kernel test robot: "Re: [PATCH 5/5] mm: completely abstract unnecessary adj_start calculation"
Previous message: Kienan Stewart: "[PATCH] kbuild: Add missing $(objtree) prefix to powerpc crtsavres.o artifact"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]